Yes, it's a complete rethink on how to ensure non-repudiation. It's also less of a "call to a gateway" as it is a redirection to the card issuer. The goal is to keep the PIN from the merchants and card processors.
Here's the flow, IIRC. 1. User enters in a CC number into a storefront. 2. Storefront queries the CC number to determine participation in 3dsecure. 3. Response and issuer authentication url is returned. 4. Storefront redirects the user to the card issuer, with an encrypted payload. This could be in a pop-up. 5. User authenticates with card issuer. 6. Card issuer redirects the user back to the storefront with a code in an xml doc signed by the issuer. 7. Storefront adds the code to the authorization that is sent to the credit card processor. In my experience, merchants get very worried (and rightly so) about the redirection/pop-up because you lose control of the user. It's essential to make it a smooth experience. If it's not, you lose sales because the customers don't come back from the redirect. Chris Lombardi > Date: Sun, 19 Oct 2008 13:27:43 -0700 > From: [EMAIL PROTECTED] > To: [email protected] > Subject: Re: [Fwd: Re: I want to discuss integration 3D Secure Credit Card > with ofbiz.] > > I did not catch that, thanks, Chris. > This would be a independent service that the different CC services could > call it while building thier call to the gateway they are using. > it would still be in the third party service. > 3DsecureService.java > > > Christopher L sent the following on 10/19/2008 1:02 PM: > > 3D Secure isn't a payment processor. It's a supplemental authentication > > service that authenticates the cardholder to the *card issuing bank*. > > > > The output of 3D Secure is an encrypted hash (not a payment auth) that is > > then sent via your normal payment authorization service. > > > > So, you really can't implement ccAuth, ccCapture, etc. > > > > Sarvesh is trying to find out where in the checkout process this additional > > authentication step could go to then be utilized by all the payment > > authorization services. I'm familiar with 3D Secure, but unfortunately not > > familiar with the ofbiz ecommerce module, or I'd suggest something myself. > > > > Chris Lombardi > > > >> Date: Sun, 19 Oct 2008 12:41:03 -0700 > >> From: [EMAIL PROTECTED] > >> To: [email protected] > >> Subject: Re: [Fwd: Re: I want to discuss integration 3D Secure Credit Card > >> with ofbiz.] > >> > >> I read > >> http://docs.ofbiz.org/display/OFBIZ/Credit+Card+3D+Secure++Authentication+Integration+with+ofbiz > >> and see no difference than using the CC service called by > >> PaymentGatewayServices > >> all the services now, had web interfaces at one time. > >> > >> > >> > >> Raj Saini sent the following on 10/19/2008 8:43 AM: > >>> BJ, > >>> > >>> 3D secure is not same as normal CC authorization. 3D secure has a issuer > >>> bank authentication and it happens in 2 phases. And that is the reason > >>> this proposal is to make 3D secure generic enough to integrate with > >>> OFBiz so that it can easily hooked up in other payment processors. > >>> > >>> Thanks, > >>> > >>> Raj > >>> > >>> BJ Freeman wrote: > >>>> look at the third party code under the financial folder. > >>>> applications\accounting\src\org\ofbiz\accounting\thirdparty > >>>> provide > >>>> ccAuth > >>>> ccCapture > >>>> at a minimum > >>>> and > >>>> ccRefund > >>>> ccRelease > >>>> ccCredit > >>>> ccAuthCapture > >>>> if the provider supports them. > >>>> > >>>> http://docs.ofbiz.org/display/OFBIZ/OFBiz+Beginner%27s+Development+Guide+Using+Practice+Application > >>>> > >>>> see part 1 > >>>> > >>>> Sarvesh sent the following on 10/17/2008 7:26 AM: > >>>> > >>>>> Hi, > >>>>> > >>>>> > >>>>> I want to discuss integration 3D Secure Credit Card with ofbiz. I > >>>>> have got > >>>>> it working(using protx simulator) by changing some of ofbiz files but > >>>>> still > >>>>> it is not generic so I want to discuss it with the user community to > >>>>> make it > >>>>> generic for general usage. > >>>>> > >>>>> > >>>>> Thanks > >>>>> Sarvesh. > >>>>> > >>>>> > >>>> > >>>> > >>>> > >>> > >>> > >
